{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8746", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-08T09:14:11.987Z", "datePublished": "2025-08-09T06:02:07.329Z", "dateUpdated": "2025-08-11T17:56:50.375Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-09T06:02:07.329Z"}, "title": "GNU libopts __strstr_sse2 memory corruption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "GNU", "product": "libopts", "versions": [{"version": "27.0", "status": "affected"}, {"version": "27.1", "status": "affected"}, {"version": "27.2", "status": "affected"}, {"version": "27.3", "status": "affected"}, {"version": "27.4", "status": "affected"}, {"version": "27.5", "status": "affected"}, {"version": "27.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in GNU libopts bis 27.6 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion __strstr_sse2. Dank der Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-08T11:19:40.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "nipc-cxd (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.319242", "name": "VDB-319242 | GNU libopts __strstr_sse2 memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319242", "name": "VDB-319242 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.623632", "name": "Submit #623632 | tcpreplay tcpliveplay tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Segmentation Fault", "tags": ["third-party-advisory"]}, {"url": "https://github.com/appneta/tcpreplay/issues/957", "tags": ["issue-tracking"]}, {"url": "https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"references": [{"url": "https://github.com/appneta/tcpreplay/issues/957", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-11T17:54:28.716974Z", "id": "CVE-2025-8746", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T17:56:50.375Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8746", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-11T17:54:28.716974Z"}}}], "references": [{"url": "https://github.com/appneta/tcpreplay/issues/957", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T17:56:25.933Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "GNU libopts __strstr_sse2 memory corruption", "credits": [{"lang": "en", "type": "reporter", "value": "nipc-cxd (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "GNU", "product": "libopts", "versions": [{"status": "affected", "version": "27.0"}, {"status": "affected", "version": "27.1"}, {"status": "affected", "version": "27.2"}, {"status": "affected", "version": "27.3"}, {"status": "affected", "version": "27.4"}, {"status": "affected", "version": "27.5"}, {"status": "affected", "version": "27.6"}]}], "timeline": [{"lang": "en", "time": "2025-08-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-08T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-08T11:19:40.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319242", "name": "VDB-319242 | GNU libopts __strstr_sse2 memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319242", "name": "VDB-319242 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.623632", "name": "Submit #623632 | tcpreplay tcpliveplay tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Segmentation Fault", "tags": ["third-party-advisory"]}, {"url": "https://github.com/appneta/tcpreplay/issues/957", "tags": ["issue-tracking"]}, {"url": "https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in GNU libopts bis 27.6 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion __strstr_sse2. Dank der Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-09T06:02:07.329Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8746", "state": "PUBLISHED", "dateUpdated": "2025-08-11T17:56:50.375Z", "dateReserved": "2025-08-08T09:14:11.987Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-09T06:02:07.329Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en GNU libopts hasta la versi\u00f3n 27.6. La funci\u00f3n __strstr_sse2 se ve afectada. La manipulaci\u00f3n provoca corrupci\u00f3n de memoria. Se requiere acceso local para abordar este ataque. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este problema se inform\u00f3 inicialmente al proyecto tcpreplay, pero el responsable del c\u00f3digo explica que este \"error parece estar en libopts, que es una librer\u00eda externa\". Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del responsable."}], "id": "CVE-2025-8746", "lastModified": "2025-08-11T18:32:48.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-09T06:15:35.580", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://github.com/appneta/tcpreplay/issues/957"}, {"source": "cna@vuldb.com", "url": "https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.319242"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.319242"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.623632"}, {"source": "cna@vuldb.com", "url": "https://www.gnu.org/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/appneta/tcpreplay/issues/957"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "libopts: Libopts Memory Corruption Vulnerability", "id": "2387367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387367"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer.", "A buffer overflow flaw was found in libopts. The `__strstr_sse2` function is susceptible to memory corruption due to manipulation of internal data structures. A local attacker can trigger this vulnerability. Exploitation occurs through crafted input, potentially leading to a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-8746", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "sharutils", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "sharutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "sharutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "sharutils", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-09T06:02:07Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8746\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8746\nhttps://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing\nhttps://github.com/appneta/tcpreplay/issues/957\nhttps://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393\nhttps://vuldb.com/?ctiid.319242\nhttps://vuldb.com/?id.319242\nhttps://vuldb.com/?submit.623632\nhttps://www.gnu.org/"], "threat_severity": "Low"}